While the annual Black Hat 2010 conference tends to bring a lot of much-needed focus to security, the problem most IT organizations have is that they are never sure what happened on the network.
The good news is that a discipline generally referred to as network forensics is getting more robust by the minute. The bad news is that an increased focus on corporate security by organizations such as the National Security Agency (NSA) means that companies don’t have a lot time to improve their overall security posture.
The NSA, for example, is launching an effort, dubbed Perfect Citizen, to detect when public agencies and private companies are the focus of a specific attack. That’s all well and fine, said Peter Schlampp, vice president of marketing and product management for Solera Networks. But once an attack is detected, security experts are going to want to research exactly what happened. That means, says Schlampp, companies have to be able to play back exactly what happened on their networks at any given time.
Solera Networks, which this week closed another $15 million in financing, provides a set of network monitoring appliances that can index a million packets a second. That index then allows the appliances to be used to play back an entire series of events on the network in full fidelity.
While the concept of network forensics has been around for a while, the technology is only now starting to be able to capture every event on the network in real time. That should serve to greatly enhance our understanding of how any particular attack is perpetrated.
So don’t be too surprised when some government official knocks on your virtual door in the next several months and starts asking you pointed questions about your company’s overall security posture and what you intend to do to improve it as part of our new national cyberdefense strategy.